A security issue has been found in Thunderbird versions prior to 60.2.1. If a user saved passwords before the move to a new password format and then later set a master password, an unencrypted copy of these passwords is still accessible. This is because the older stored password file was not deleted when the data was copied to a new format. The new master password is added only on the new file. This could allow the exposure of stored password data outside of user expectations.
|18 Oct 2018||ASA-201810-13||AVG-782||thunderbird||Critical||multiple issues|